Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
shmk |
|
Replies: 2 |
Views: 7433 |
|
|
|
|
|
|
No reply means that it is quite secure? |
|
|
|
shmk |
|
Replies: 2 |
Views: 7433 |
|
|
|
|
|
|
I'm thinking to add a TAG that allow to insert swf in posts.
I'm not a flash expert so...
swf files can cause serious security holes in a php system? (retrieve cookies, inject something bad, get an ... |
|
|
|
shmk |
|
Replies: 1 |
Views: 11222 |
|
|
|
|
|
|
I heard people talking about DOM XSS that instead of inserting jscript in the page code use hole in the javascript using DOM inserted in the page.
Is it possible?
How does it function?
What kind ... |
|
|
|
shmk |
|
Replies: 6 |
Views: 12616 |
|
|
|
|
|
|
Attacker can first place normal picture to remote server and then post img link to it. This will pass all security tests and posting will be allowed. After that attacker just changes original image on ... |
|
|
|
shmk |
|
Replies: 6 |
Views: 12616 |
|
|
|
|
|
|
Anti-CSRF measures with random token or even with CAPTCHA (for critical requests) are very effective by my personal experience. So if you have securely written code with no potential CSRF threats, the ... |
|
|
|
shmk |
|
Replies: 6 |
Views: 12616 |
|
|
|
|
|
|
It's always possible to fool the security filters. Attacker can first place normal picture to remote server and then post img link to it. This will pass all security tests and posting will be allowed. ... |
|
|
|
shmk |
|
Replies: 6 |
Views: 12616 |
|
|
|
|
|
|
What's the most secure PHP filter that allow users to insert links to sites or images in a forum without flaws in security? (regarding xss and csrf overall) |
|
|
|
shmk |
|
Replies: 4 |
Views: 13306 |
|
|
|
|
|
|
So I can install it without fear ? |
|
|
|
shmk |
|
Replies: 4 |
Views: 13306 |
|
|
|
|
|
|
I have heard on net that use a WYSIWYG make big holes in security... is all true ?
I have found this 2:
http://www.phpnuker.de/ (using FCKEditor)
http://www.kodetech.com/nuke70/ (using Spaw)
C ... |
|
|
|
shmk |
|
Replies: 8 |
Views: 14470 |
|
|
|
|
|
|
I then ran a JackFromWales4u218600
Now the sites are 44300 |
|
|
|
shmk |
|
Replies: 16 |
Views: 33342 |
|
|
|
|
|
|
I'm back !
Is possible echo smiles without make some security holes ?
To echo smiles i made this piece of code but I think is not so secure
$sqlsm = "SELECT code, smile_ ... |
|
|
|
shmk |
|
Replies: 1 |
Views: 9851 |
|
|
|
|
|
|
I have found a nice dropdown menu here
http://www.destroydrop.com/javascripts/tree/
I'm not a specialist in Java security, so if someone will find some security hole in this script please warnin ... |
|
|
|
shmk |
|
Replies: 16 |
Views: 33342 |
|
|
|
|
|
|
Thx again... Saturday I'll leave for a 2 weeks holiday so I don't disturb you no more
Good Holiday |
|
|
|
shmk |
|
Replies: 16 |
Views: 33342 |
|
|
|
|
|
|
after all this I have a REALLY stupid question (come in my mind after see some PHPNuke module)...
Variable taken from database but not used later for sql INSERT or SELECT (only "echo" on pa ... |
|
|
|
shmk |
|
Replies: 21 |
Views: 39348 |
|
|
|
|
|
|
too late the competition is over
Doh ! |
|
|